Published: 29/06/2018 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote malicious user to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions before 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).

Vulnerable Product	Search on Vulmon	Subscribe to Product
microfocus secure messaging gateway

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info={}) super(update_info(info, 'Name' => "MicroFo ...

CWE-89 https://www.exploit-db.com/exploits/45083/https://support.microfocus.com/kb/doc.php?id=7023132 https://pentest.blog/unexpected-journey-6-all-ways-lead-to-rome-remote-code-execution-on-microfocus-secure-messaging-gateway/https://nvd.nist.gov https://www.exploit-db.com/exploits/45083/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-12464

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect